State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
The U.S. Department of Justice’s (DOJ) sweeping new rule on cross-border data transactions is set to take effect in substantial part next month, with broad implications for companies that transfer U.S. personal data or...more
The Department of Justice’s (DOJ) final rule implements President Biden’s Executive Order 14117 of February 28, 2024, on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data...more
On December 24, 2024, New York Governor Kathy Hochul signed into law amendments to New York’s private-sector data breach notification law (General Business Law § 899-aa) and government agency data breach notification law (New...more
On January 8, 2025, the Department of Justice (“DOJ”) published its Final Rule to implement President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States...more
The rule imposes substantial new diligence, reporting, cybersecurity, and auditing obligations on companies. On December 27, 2024, the U.S. Department of Justice (“DOJ”) issued a final rule implementing Executive Order...more
The U.S. Department of Defense (DOD) has published a Final Rule to implement the Cybersecurity Maturity Model Certification (CMMC) program, which establishes minimum cybersecurity requirements for nearly all DOD contracts....more
The federal government is the biggest purchaser in America and that extends to the SaaS space. On September 24, 2024, the Office of Management and Budget (OMB) released Memorandum M-24-18, offering updated guidelines for the...more
The U.S. Department of Justice (DOJ) filed its first major complaint-in-intervention under the False Claims Act (FCA) premised on a government contractor’s alleged cybersecurity deficiencies since the DOJ’s Civil Cyber-Fraud...more
Editor’s Note: During a recent HaystackID webcast, expert panelists explored the role of the Committee on Foreign Investment in the United States (CFIUS) in protecting sensitive technologies, classified contracts, and other...more
As addressing cybersecurity issues continues to become a top priority throughout the financial industry, the U.S. Securities and Exchange Commission (SEC) is following suit. The SEC unanimously voted to approve a new set of...more
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more
On November 1, 2023, the New York State Department of Financial Services (“DFS”) amended its cybersecurity regulations to institute additional standards and controls aimed at securing sensitive data among the financial...more
Editor’s Note: In a rapidly evolving technological landscape, understanding the capabilities and limitations of platforms like Microsoft 365 (M365) is crucial for law firms, especially in the realms of eDiscovery and...more
From long-standing laws to incoming legislation, global nonprofits must understand the requirements and prepare for scrutiny in their handling of personal data. U.S. privacy regulations are currently a complex framework of...more
The U.S. Department of Homeland Security (DHS) has issued comprehensive cybersecurity regulations aimed at protecting Controlled Unclassified Information (CUI). These regulations were long-awaited, as the original proposed...more
The SEC continues its overhaul of cybersecurity, cyber incident reporting, and privacy controls and requirements for industry registrants, their services providers, and corporate America generally. On March 15, 2023, the SEC...more
The SEC continued its recent onslaught of proposed cybersecurity rules in mid-March with three new proposals covering a litany of entities, including investment advisers, broker-dealers, investment companies, clearing...more
Under the updated Rule, FIs are obligated to implement data security measures that will protect against data breaches and cyberattacks in order to prevent financial harm to consumers, including identity theft and loss of...more
The New York Department of Financial Services (NYDFS) on Nov. 9, 2022, released Proposed Amendments to its Cybersecurity Regulation. The NYDFS Cybersecurity Regulation was one of the first laws requiring companies to comply...more
The amended California Consumer Privacy Act (CCPA), sometimes referred to as the California Privacy Rights Act (CPRA) or Proposition 24, takes effect on January 1, 2023 – and introduces new consumer rights, while...more
Organizations are feeling the pinch of compliance like never before as government agencies at every level are scrutinizing their business affairs more closely and issuing more regulations. To meet their compliance...more
The COVID-19 pandemic has had a disparate effect on privacy regulators, with varying levels of enforcement advocated by different government entities; the California Attorney General, the U.S. Department of Health & Human...more